So I’ve basically learned why it’s the best practice to use PHP when doing form validation and submission. You just can’t let the user see what your form is doing… you really just can’t. I mean I’ve always been taught it but after having completely broken a site using a simple spam script (using their own code to send through the data), it just reinforced those lessons. Hopefully there’s no hard feelings.